checksecurity - basic system security checks

Property Value
Distribution Debian 8 (Jessie)
Repository Debian Main i386
Package filename checksecurity_2.0.15_all.deb
Package name checksecurity
Package version 2.0.15
Package release -
Package architecture all
Package type deb
Category admin implemented-in::perl interface::commandline role::program scope::utility security::ids use::scanning
Homepage -
License -
Maintainer Javier Fernández-Sanguino Peña <>
Download size 24.19 KB
Installed size 116.00 KB
Checksecurity does some very basic system security checks, such as
looking for changes in which programs have setuid permissions, and that
remote filesystems are not allowed to have runnable setuid programs.
Note that these are not to be considered in any way complete, and
you should not rely on checksecurity to actually provide any useful
information concerning the security or vulnerability of your system.
The lockfile-progs package is only a "Suggests" because of the poor
way that dselect handles "Recommends", but I do strongly suggest that
you install it; it prevents /etc/cron.daily/standard from running multiple
times if something gets jammed.
Checksecurity was previously part of the cron package.


Package Version Architecture Repository
checksecurity_2.0.15_all.deb 2.0.15 all Debian Main
checksecurity - - -


Name Value
anacron -
cron >= 3.0pl1-74
debconf >= 0.5
debconf-2.0 -
fcron -
perl >= 5.8.0
util-linux >= 2.15~rc1-1


Name Value
lockfile-progs << 0.1.7


Name Value
cron -


Type URL
Binary Package checksecurity_2.0.15_all.deb
Source Package checksecurity

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install checksecurity deb package:
    # sudo apt-get install checksecurity




2013-09-28 - Javier Fernández-Sanguino Peña <>
checksecurity (2.0.15) unstable; urgency=medium
* Fix bug in the CS_NFSAFS definition in etc/check-setuid.conf that prevents
the script from matching any filesystem. This bug was, actually, making the
script not do anything in the default configuration.
Thanks go to Alessandro Vesely for spotting this bug and providing a fix.
* debian/control: Adjust the maintainer's name
2010-10-27 - Javier Fernandez-Sanguino Pen~a <>
checksecurity (2.0.14) unstable; urgency=low
* plugins/check-setuid:
- Integrate changes to from Ubuntu to make use of ionice when calling
find. (Closes: #578640)
- Use the -ignore_readdir_race option when calling find to avoid
error messages when encountering stale files (Closes: #583809)
* etc/global-checksecurity.conf: Adjust comments associated to  
CHECKSECURITY_EMAIL to point to bsd-mailx instead of mailx and 
remove reference to cron. (Closes: #541636)
* debian/control: Depend on util-linux (>= 2.15~rc1-1) which provides
* debian/compat: Change from 4 to 5
* debian/rules: Adjust calls to dh_clean
2010-04-21 - James Westby <>
checksecurity (2.0.13ubuntu2) lucid; urgency=low
[ Matt Zimmerman ]
* plugins/check-setuid: Use ionice to set idle I/O scheduling priority for
find(1) across the whole filesystem.
[ James Westby ]
* plugins/check-setuid: Use the -t option to ionice so that failures to set
I/O priority don't stop the command running.
- Depend on util-linux (>= 2.15~rc1-1) to ensure the feature is available.
- Thanks Colin Watson.
2009-05-26 - Javier Fernandez-Sanguino Pen~a <>
checksecurity (2.0.13) unstable; urgency=low
* Do not report 'disk full' for filesystems mounted under /media.
This includes the cdrom as well as possibly some other removal
media like USB memories. Thanks to Tim Connors for
detecting this bug and providing a patch (Closes: #514306)
* Add some information in the both check-setuid's manpage and the
configuration file related to false positives generated from /dev changes
when a system is rebooted (due to changes in timestamps). And provide
instructions on how to remove them.
* Extend check-socket to make it possible to exclude certain lines from
the output through the CHECKSECURITY_IGNORELINES variable. 
(Closes: #522749)
* Added the 'lustre' filesystem to the network filesystem list in
the default check-setuid.conf (Closes: #502421)
* Change Makefile to include etc/check-socket.conf in the package.
2009-03-21 - Javier Fernandez-Sanguino Pen~a <>
checksecurity (2.0.12) unstable; urgency=medium
* Fix bug in plugins/check_sockets which prevented it from being 
actually useful. Thanks to Richard Kapolnai for detecting this
bug and providing a patch. (Closes: #520654)
2008-07-28 - Javier Fernandez-Sanguino Pen~a <>
checksecurity (2.0.11) unstable; urgency=low
* Debconf Translation changes:
- Included Portuguese debconf translation, submitted by Rui Branco (Closes: 489378)
- Fixed "Project-Id-Version" field in Japanese translation
2008-04-29 - Javier Fernandez-Sanguino Pen~a <>
checksecurity (2.0.10) unstable; urgency=low
* Remove chrony from the list of Depends: since it does not actually provide
a task scheduler, change it to fcron (Closes: #478203, #479661)
2008-04-16 - Javier Fernandez-Sanguino Pen~a <>
checksecurity (2.0.9) unstable; urgency=low
* The "where did I leave my head release"
* Acknowledge the 2.0.7-10.1 NMU, the updated PO files from some languages
had not been included in the 2.0.7 release
* Do not search fuse filesystems by default (Closes: #467299)
* Lintian fix: remove debian/files from source (Closes: 451054)
* Allow users to select cron facility by depending on cron | anacron |
chrony (Closes: 375058)

See Also

Package Description
checkstyle-doc_5.9-1_all.deb Documentation for Checkstyle
checkstyle_5.9-1_all.deb checks Java source against a coding standard
cheese-common_3.14.1-2_all.deb Common files for the Cheese tool to take pictures and videos
cheese_3.14.1-2_i386.deb tool to take pictures and videos from your webcam
chef-zero_3.1.3-1_all.deb in-memory Chef server (for testing and solo purposes)
chef_11.12.8-2_all.deb systems integration framework - clients
chemeq_2.12-1_i386.deb Parser for chemical formula and equilibria
chemical-mime-data_0.1.94-6_all.deb chemical MIME and file type support for desktops
chemical-structures_2.2.dfsg.0-12_all.deb set of molecular structures in open formats
chemtool_1.6.14-1_i386.deb chemical structures drawing program
cherrytree_0.35.2-1_all.deb hierarchical note taking application
chessx_1.2.2-1_i386.deb chess database
chewmail_1.3-1_all.deb mail archiver for various mailbox formats
chiark-backup_4.4.2_all.deb backup system for small systems and networks
chiark-really_4.4.2_i386.deb really - a tool for gaining privilege (simple, realistic sudo)